Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to redirect to access-denied-page with spring security

Tags:

spring-security

I have an application with JSF+Spring. I am using spring security and i works properly.However when i try to reach a secured page without authentication,instead of redirecting me to the denied page i just shows 403 Forbidden page. I don't know if there is anyting missing on applicationContext or web.xml,here is my code:

part of applicationContext:

<sec:http access-denied-page="/denied.xhtml"  auto-config="true" use-expressions="false" >
    <sec:form-login login-page="/login.xhtml" default-target-url="/"   authentication-failure-url="/denied.xhtml"
    login-processing-url="/static/j_spring_security_check"
    />
    <sec:intercept-url pattern="/PANEL/**"  access="ROLE_GENERALT"></sec:intercept-url>
    <sec:logout invalidate-session="true" logout-url="/index.xhtml"/>
    </sec:http>

<sec:global-method-security secured-annotations="enabled" jsr250-annotations="enabled"></sec:global-method-security>

and web.xml:

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:/appContext.xml
        </param-value>
    </context-param>
    <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
</filter-mapping>
like image 749
user1171708 Avatar asked Nov 23 '25 23:11

user1171708

1 Answers

You need to set errorpage property for the accessDeniedHandler which is used by ExceptionTranslationFilter when an AccessDeniedException occurs

see this for info link

<bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
  <property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
  <property name="accessDeniedHandler" ref="accessDeniedHandler"/>
</bean>

<bean id="accessDeniedHandler" class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
  <property name="errorPage" value="/denied.xhtml"/>
</bean>

alternatively, you can just add this to your web.xml

<error-page>
  <error-code>403</error-code>
  <location>/pages/denied.xhtml</location>
</error-page>
like image 165
Ravi Kadaboina Avatar answered Nov 25 '25 16:11

Ravi Kadaboina
Sign in to Comment

Related questions

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!